Aller au contenu

dideul

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    26

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par dideul

  1. dideul
    Bonjour, Depuis quelques jours je n'ai plus de son venant des HP et de la sortie casque. En lieu et place du son j'entends un grésillement. Je ne peux plus accéder au contrôle du volume (icône en bas à droite de l'écran). Merci pour votre aide
  2. dideul
    Merci encore pour votre aide!
  3. dideul
    Bonjour, Après les dernières recommandations voilà ce qu'il en est! Par contre j'ai plus de son sur l'ordinateur. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:02:38, on 09/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\APPS\Powercinema\PCMService.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Search - ?p=ZNfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150055348671 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10564 bytes
  4. dideul
    Bonsoir, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:57:06, on 07/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\APPS\Powercinema\PCMService.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\WINDOWS\wanmpsvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Search - ?p=ZNfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150055348671 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10900 bytes
  5. dideul
    Et voila le second! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:13, on 06/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\APPS\Powercinema\PCMService.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Logitech\Video\FxSvr2.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Search - ?p=ZNfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150055348671 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll (file missing) O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12548 bytes
  6. dideul
    Voila le premier rapport. C:\Lop SD: trouvé ! C:\HijackThis: trouvé ! C:\Documents and Settings\HLW\Bureau\Lop S&D.lnk: trouvé ! C:\Documents and Settings\HLW\Bureau\LopSD.exe: trouvé ! C:\Documents and Settings\HLW\Menu Démarrer\Programmes\Lop S&D: trouvé ! C:\Documents and Settings\Salima\Bureau\Navilog1.exe: trouvé ! C:\Documents and Settings\Salima\Recent\HijackThis.lnk: trouvé ! C:\HiJackThis\HijackThis.exe: trouvé ! C:\Lop SD\Lop S&D.lnk: trouvé !
  7. dideul
    Bonsoir, Voila le rapport demandé Avira AntiVir Personal Report file date: samedi 5 juillet 2008 19:03 Scanning for 1378724 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: Salima Computer name: LGPB Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 16:54:17 ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 16:54:19 ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 16:54:19 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 05/07/2008 16:54:33 AESCN.DLL : 8.1.0.22 119157 Bytes 05/07/2008 16:54:32 AERDL.DLL : 8.1.0.20 418165 Bytes 05/07/2008 16:54:31 AEPACK.DLL : 8.1.1.6 364918 Bytes 05/07/2008 16:54:30 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 05/07/2008 16:54:28 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 05/07/2008 16:54:27 AEHELP.DLL : 8.1.0.15 115063 Bytes 05/07/2008 16:54:24 AEGEN.DLL : 8.1.0.29 307573 Bytes 05/07/2008 16:54:23 AEEMU.DLL : 8.1.0.6 430451 Bytes 05/07/2008 16:54:21 AECORE.DLL : 8.1.0.32 168311 Bytes 05/07/2008 16:54:20 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 5 juillet 2008 19:03 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '46' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\HLW\Bureau\install_Messenger Live Plus_.exe [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.CCleaner.A.38 [NOTE] A backup was created as '48e2aaaa.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\Ante amok plus grey.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e3afba.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\link move mfcd.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48ddafb6.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\Maileach.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d8afae.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\xsyhwbbm.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e8afc1.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Noun 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e4b0d4.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ARZ\APPLIC~1\THUNKO~1\auajuxup.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d0b0db.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ARZ\APPLIC~1\THUNKO~1\ceokcytl.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48deb0cc.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ARZ\APPLIC~1\THUNKO~1\Maileach.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d8b0c9.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\HLW\APPLIC~1\THUNKO~1\Ante amok plus grey.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e3b0d7.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\HLW\APPLIC~1\THUNKO~1\kudwgbcd.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d3b0df.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\HLW\LOCALS~1\Temp\bisDA.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e2b0d4.qua' ( QUARANTINE ) [NOTE] The file was deleted! End of the scan: samedi 5 juillet 2008 20:11 Used time: 1:08:42 min The scan has been done completely. 7205 Scanning directories 259174 Files were scanned 12 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 12 files were deleted 0 files were repaired 12 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 259162 Files not concerned 7626 Archives were scanned 2 Warnings 12 Notes
  8. dideul
    Rapport escan File C:\Documents and Settings\HLW\Bureau\InternetGameBox_setup.exe infected by "Trojan-Dropper.Win32.Agent.eaf" Virus. Action Taken: File Deleted. File C:\Documents and Settings\Salima\Bureau\ARZ\Bureau\incredimail_install(2).exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\Documents and Settings\Salima\Bureau\ARZ\Bureau\incredimail_install.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\Documents and Settings\Salima\Bureau\Navilog1.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\Lop SD\Backup-Lop\Program Files\Circle Developement\Uninstall.exe infected by "Trojan.Win32.Obfuscated.mt" Virus. Action Taken: File Deleted. File C:\Program Files\MSN Messenger\riched20.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken. File C:\RECYCLER\S-1-5-21-989968666-1554192886-3421028384-1006\Dc11.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\RECYCLER\S-1-5-21-989968666-1554192886-3421028384-1009\Dc154.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP13\A0010965.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ay. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016397.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016398.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016399.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016400.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016401.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016402.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016403.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016406.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016409.exe tagged as not-a-virus:Downloader.Win32.WinFixer.au. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016412.exe infected by "Trojan-Dropper.Win32.Agent.cca" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016413.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bv. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016415.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016416.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch.av. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016417.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.aw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP28\A0021898.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002137.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ay. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002138.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002225.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ax. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002228.exe tagged as not-a-virus:Downloader.Win32.WinFixer.au. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002250.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002251.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP37\A0023816.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP37\A0023851.exe tagged as not-a-virus:Downloader.Win32.ImLoader.e. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP37\A0023852.exe tagged as not-a-virus:Downloader.Win32.ImLoader.e. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0028799.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0033364.exe tagged as not-a-virus:Downloader.Win32.ImLoader.e. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0046022.exe infected by "Trojan.Win32.Pakes.cpq" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0086053.exe infected by "Trojan.Win32.Obfuscated.mt" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087164.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087438.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087675.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087714.exe infected by "Trojan-Dropper.Win32.Agent.eaf" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087716.exe infected by "Trojan.Win32.Obfuscated.mt" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003427.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bv. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003428.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.aw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003432.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch.av. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003433.exe infected by "Trojan-Dropper.Win32.Agent.cca" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003437.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003438.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003439.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003440.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003441.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003442.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003443.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003446.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP9\A0006656.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ax. No Action Taken. rapport HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:52:35, on 29/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\APPS\Powercinema\PCMService.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Real\RealPlayer\RealPlay.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Proxy exit] C:\DOCUME~1\Salima\APPLIC~1\THUNKO~1\Maileach.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Search - ?p=ZNfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150055348671 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13062 bytes Bonne soirée
  9. dideul
    Voilà le rapport du second compte. Clean Navipromo version 3.6.0 commencé le 29/06/2008 à 17:54:48,85 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "HLW" Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\HLW\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\HLW\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\HLW\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\HLW\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\HLW\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\HLW\locals~1\applic~1" * * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 29/06/2008 à 17:58:40,74 ***
  10. dideul
    Bonjour, Voila le Navilog! Est il nécessaire de refaire le scan kaspersky? Merci Clean Navipromo version 3.6.0 commencé le 29/06/2008 à 14:54:14,04 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Salima" Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\Salima\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\ARZ\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\HLW\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Salima\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ARZ\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\HLW\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Salima\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ARZ\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\HLW\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Salima\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ARZ\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\HLW\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Salima\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\Salima\locals~1\applic~1" * * Dans "C:\DOCUME~1\ARZ\locals~1\applic~1" * * Dans "C:\DOCUME~1\HLW\locals~1\applic~1" * * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 29/06/2008 à 14:58:27,14 ***
  11. dideul
    Et de 2! -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, June 29, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, June 29, 2008 08:40:45 Records in database: 896750 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 101447 Threat name: 5 Infected objects: 7 Suspicious objects: 0 Duration of the scan: 01:29:14 File name / Threat name / Threats count C:\Documents and Settings\ARZ\Bureau\incredimail_install(2).exe Infected: not-a-virus:Downloader.Win32.ImLoader.c 1 C:\Documents and Settings\ARZ\Bureau\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c 1 C:\Documents and Settings\ARZ\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c 1 C:\Documents and Settings\HLW\Bureau\InternetGameBox_setup.exe Infected: Trojan-Dropper.Win32.Agent.eaf 1 C:\Documents and Settings\HLW\Bureau\Navilog1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\Lop SD\Backup-Lop\Program Files\Circle Developement\Uninstall.exe Infected: Trojan.Win32.Obfuscated.mt 1 C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch 1 The selected area was scanned.
  12. dideul
    Et de 1! Search Navipromo version 3.6.0 commencé le 28/06/2008 à 18:53:37,39 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "HLW" Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\HLW\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ARZ\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\HLW\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ARZ\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\HLW\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ARZ\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * Fichiers trouvés : layoguemf.exe trouvé ! * Recherche dans "C:\Documents and Settings\HLW\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ARZ\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Recherche fichiers *** C:\Documents and Settings\HLW\locals~1\Temp\pack.epk trouvé ! C:\WINDOWS\pack.epk trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : bxzdimxcc.dat trouvé ! bxzdimxcc_nav.dat trouvé ! bxzdimxcc_navps.dat trouvé ! qmbtqudmvz.dat trouvé ! qmbtqudmvz_nav.dat trouvé ! qmbtqudmvz_navps.dat trouvé ! wyvyau.dat trouvé ! wyvyau_nav.dat trouvé ! wyvyau_navps.dat trouvé ! zgczkmit.dat trouvé ! zgczkmit_nav.dat trouvé ! zgczkmit_navps.dat trouvé ! * Dans "C:\Documents and Settings\HLW\locals~1\applic~1" : * Dans "C:\DOCUME~1\ARZ\locals~1\applic~1" : * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 28/06/2008 à 19:09:38,67 ***
  13. dideul
    Et ceci pour terminé! Search Navipromo version 3.6.0 commencé le 28/06/2008 à 18:53:37,39 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "HLW" Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\HLW\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ARZ\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\HLW\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ARZ\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\HLW\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ARZ\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * Fichiers trouvés : layoguemf.exe trouvé ! * Recherche dans "C:\Documents and Settings\HLW\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ARZ\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Recherche fichiers *** C:\Documents and Settings\HLW\locals~1\Temp\pack.epk trouvé ! C:\WINDOWS\pack.epk trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : bxzdimxcc.dat trouvé ! bxzdimxcc_nav.dat trouvé ! bxzdimxcc_navps.dat trouvé ! qmbtqudmvz.dat trouvé ! qmbtqudmvz_nav.dat trouvé ! qmbtqudmvz_navps.dat trouvé ! wyvyau.dat trouvé ! wyvyau_nav.dat trouvé ! wyvyau_navps.dat trouvé ! zgczkmit.dat trouvé ! zgczkmit_nav.dat trouvé ! zgczkmit_navps.dat trouvé ! * Dans "C:\Documents and Settings\HLW\locals~1\applic~1" : * Dans "C:\DOCUME~1\ARZ\locals~1\applic~1" : * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 28/06/2008 à 19:09:38,67 ***
  14. dideul
    Et voici le second rapport. Merci pour l'interprétation. -----------------------[ Lop S&D 4.2.1-8 XP/Vista ]--------------------- [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : HLW ] [ "C:\Lop SD" ] [ Selection : 2 ] [ 28/06/2008 | 13:49:39,81 ] [ PC : LGPB ] [ MAJ : 24-06-2008 | 11:00 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ///////////////////////////// Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Eggs List.exe Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\more htm.exe Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Noun 1.exe Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\auajuxup.exe Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\ceokcytl.exe Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\klkqelkn.exe Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\link move mfcd.exe Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\Maileach.exe Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Ante amok plus grey.exe Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\drueaepe.exe Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\jltefmiu.exe Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\kudwgbcd.exe Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\link move mfcd.exe Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Maileach.exe Supprime! - C:\Program Files\Circle Developement\Uninstall.exe Supprime! - C:\WINDOWS\Prefetch\EGGS LIST.EXE-1E1FF1D9.pf Supprime! - C:\WINDOWS\Prefetch\MORE HTM.EXE-051749D8.pf Supprime! - C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-0291D555.pf Supprime! - C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-28E677C9.pf Supprime! - C:\WINDOWS\Prefetch\MAILEACH.EXE-092B270B.pf Supprime! - C:\WINDOWS\Prefetch\MAILEACH.EXE-28CC7B3F.pf Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@www.adserver5[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@adin.bigpoint[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@bigpoint[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@fr1.seafight.bigpoint[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@banner.casinoking[2].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@casinoking[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@banner.cotedazurpalace[2].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@cotedazurpalace[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@adopt.euroclick[2].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@pacificpoker[2].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@partygaming.122.2o7[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@partypoker[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@32vegas[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@banner.32vegas[2].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@2xmoinscher[2].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@www.2xmoinscher[1].txt Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@888[1].txt Supprime! - C:\WINDOWS\Tasks\A0D12EC391C2A50F.job Supprime! - C:\WINDOWS\Tasks\A58CD070918B489C.job Supprime! - C:\WINDOWS\Tasks\B605D6249BFA474C.job Supprime! - C:\DOCUME~1\HLW\LOCALS~1\Temp\bisDA.exe Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1 Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1 Supprime! - C:\Program Files\thunko~1 Supprime! - C:\Program Files\Circle Developement RestaurÚ! - Fichier Hosts //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Supprime! - C:\Program Files\Viewpoint Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ -------------[ Listing des dossiers dans APPLIC~1 ]------------ [10/01/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [04/01/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [30/08/2006|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ [29/03/2007|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [04/03/2007|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [02/11/2007|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt [25/02/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! [15/06/2008|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [12/04/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2 [09/01/2008|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [04/09/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [27/06/2008|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [05/09/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir [05/09/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard [10/01/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [03/03/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [12/04/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [28/06/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion [30/10/2006|17:38] C:\DOCUME~1\ARZ\APPLIC~1\Adobe [15/04/2007|15:19] C:\DOCUME~1\ARZ\APPLIC~1\AdobeUM [12/11/2006|20:20] C:\DOCUME~1\ARZ\APPLIC~1\AOL [05/09/2006|03:00] C:\DOCUME~1\ARZ\APPLIC~1\Canon [30/08/2006|22:29] C:\DOCUME~1\ARZ\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\ARZ\APPLIC~1\desktop.ini [30/08/2006|13:13] C:\DOCUME~1\ARZ\APPLIC~1\Identities [03/09/2006|22:38] C:\DOCUME~1\ARZ\APPLIC~1\Leadertech [03/02/2007|13:38] C:\DOCUME~1\ARZ\APPLIC~1\Macromedia [18/03/2007|12:36] C:\DOCUME~1\ARZ\APPLIC~1\Microsoft [03/02/2007|13:33] C:\DOCUME~1\ARZ\APPLIC~1\Mozilla [24/03/2008|17:58] C:\DOCUME~1\ARZ\APPLIC~1\MSNInstaller [03/09/2006|22:53] C:\DOCUME~1\ARZ\APPLIC~1\OD2 [20/06/2008|17:54] C:\DOCUME~1\ARZ\APPLIC~1\OpenOffice.org2 [05/09/2006|03:36] C:\DOCUME~1\ARZ\APPLIC~1\ScanSoft [30/08/2006|13:13] C:\DOCUME~1\ARZ\APPLIC~1\Skype [03/09/2006|22:38] C:\DOCUME~1\ARZ\APPLIC~1\Sonic [28/06/2007|09:52] C:\DOCUME~1\ARZ\APPLIC~1\Sun [30/03/2008|14:48] C:\DOCUME~1\ARZ\APPLIC~1\Template [26/10/2007|19:20] C:\DOCUME~1\ARZ\APPLIC~1\Windows Desktop Search [09/06/2006|03:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Skype [20/01/2008|15:31] C:\DOCUME~1\HLW\APPLIC~1\Adobe [04/03/2007|14:55] C:\DOCUME~1\HLW\APPLIC~1\AdobeUM [12/11/2006|19:40] C:\DOCUME~1\HLW\APPLIC~1\AOL [11/06/2008|15:01] C:\DOCUME~1\HLW\APPLIC~1\Canon [12/11/2006|17:29] C:\DOCUME~1\HLW\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\HLW\APPLIC~1\desktop.ini [28/01/2008|21:52] C:\DOCUME~1\HLW\APPLIC~1\FUJIFILM [21/06/2006|11:51] C:\DOCUME~1\HLW\APPLIC~1\Identities [04/03/2007|14:47] C:\DOCUME~1\HLW\APPLIC~1\Macromedia [25/10/2007|19:52] C:\DOCUME~1\HLW\APPLIC~1\Microsoft [09/02/2007|20:04] C:\DOCUME~1\HLW\APPLIC~1\Mozilla [01/10/2006|21:51] C:\DOCUME~1\HLW\APPLIC~1\OD2 [28/06/2008|12:44] C:\DOCUME~1\HLW\APPLIC~1\OpenOffice.org2 [14/10/2007|13:20] C:\DOCUME~1\HLW\APPLIC~1\ScanSoft [21/06/2006|11:51] C:\DOCUME~1\HLW\APPLIC~1\Skype [27/07/2007|12:08] C:\DOCUME~1\HLW\APPLIC~1\Sun [24/09/2006|12:01] C:\DOCUME~1\HLW\APPLIC~1\Template [19/03/2007|01:06] C:\DOCUME~1\HLW\APPLIC~1\vlc [27/10/2007|10:31] C:\DOCUME~1\HLW\APPLIC~1\Windows Desktop Search [12/11/2006|19:40] C:\DOCUME~1\HLW\APPLIC~1\You've Got Pictures Screensaver [14/04/2007|16:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe [13/11/2006|21:34] C:\DOCUME~1\INVIT~1\APPLIC~1\AOL [23/09/2006|10:42] C:\DOCUME~1\INVIT~1\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini [21/06/2006|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities [14/04/2007|14:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia [02/01/2008|16:13] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft [14/04/2007|14:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla [23/09/2006|10:34] C:\DOCUME~1\INVIT~1\APPLIC~1\OD2 [21/06/2006|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Skype [26/10/2007|17:08] C:\DOCUME~1\INVIT~1\APPLIC~1\Windows Desktop Search [25/10/2007|19:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [25/10/2007|19:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]--------------- [28/06/2008 13:36][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job [02/03/2006 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini [28/06/2008 01:31][--ah-----] C:\WINDOWS\tasks\SA.DAT ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [21/06/2006|11:56] C:\Program Files\Adobe [10/01/2007|19:07] C:\Program Files\Alwil Software [19/01/2008|21:25] C:\Program Files\AOL [09/01/2008|21:58] C:\Program Files\AOL 9.0 [09/01/2008|21:57] C:\Program Files\AOL Compagnon [30/08/2006|23:23] C:\Program Files\ArcSoft [06/10/2007|20:02] C:\Program Files\Auralog [21/06/2006|11:56] C:\Program Files\AvRack [09/01/2008|21:55] C:\Program Files\Canon [27/06/2008|23:16] C:\Program Files\CCleaner [09/01/2008|21:58] C:\Program Files\ComPlus Applications [09/01/2008|21:58] C:\Program Files\CVitae [09/01/2008|21:58] C:\Program Files\CyberLink [26/05/2008|00:37] C:\Program Files\DivX [09/01/2008|21:58] C:\Program Files\eMule [21/03/2007|22:12] C:\Program Files\EZFace [09/01/2008|15:34] C:\Program Files\Fichiers communs [26/05/2008|00:37] C:\Program Files\FinePixViewer [04/01/2007|17:30] C:\Program Files\GIMP-2.0 [24/03/2008|17:57] C:\Program Files\IncrediMail [09/01/2008|15:33] C:\Program Files\InstallShield Installation Information [09/01/2008|21:58] C:\Program Files\Internet Explorer [04/12/2007|21:48] C:\Program Files\Java [30/08/2006|13:10] C:\Program Files\Larousse [12/11/2006|19:40] C:\Program Files\Learn2.com [09/01/2008|15:33] C:\Program Files\Logitech [09/01/2008|21:58] C:\Program Files\LogMeIn [23/09/2006|10:58] C:\Program Files\Matroska Pack [26/05/2008|00:37] C:\Program Files\Messenger [10/05/2007|20:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [21/06/2006|11:57] C:\Program Files\microsoft frontpage [25/10/2007|19:43] C:\Program Files\Microsoft SQL Server Compact Edition [26/05/2008|00:37] C:\Program Files\Microsoft Works [11/01/2007|21:49] C:\Program Files\Mindscape [21/06/2006|11:57] C:\Program Files\Movie Maker [28/06/2008|12:45] C:\Program Files\Mozilla Firefox [24/03/2008|17:58] C:\Program Files\MSN [21/06/2006|11:43] C:\Program Files\MSN Gaming Zone [25/02/2008|20:11] C:\Program Files\MSN Messenger [09/01/2008|21:58] C:\Program Files\MSXML 4.0 [21/06/2006|11:43] C:\Program Files\Music Manager [21/06/2006|11:43] C:\Program Files\NetMeeting [28/12/2006|23:19] C:\Program Files\Neuf [21/06/2006|11:43] C:\Program Files\NVIDIA Corporation [21/06/2006|11:44] C:\Program Files\Online Services [04/01/2007|17:06] C:\Program Files\OpenOffice.org 2.0 [27/01/2008|21:53] C:\Program Files\Outlook Express [30/09/2006|17:16] C:\Program Files\PIXELA [11/09/2006|20:16] C:\Program Files\QuickTime [12/11/2006|19:39] C:\Program Files\Real [21/06/2006|11:44] C:\Program Files\Realtek AC97 [09/01/2008|21:58] C:\Program Files\Realtek Sound Manager [09/01/2008|21:58] C:\Program Files\RegCleaner [30/09/2006|17:13] C:\Program Files\REGSHAVE [10/08/2007|20:00] C:\Program Files\Samsung [30/08/2006|23:25] C:\Program Files\ScanSoft [21/06/2006|11:44] C:\Program Files\Services en ligne [21/06/2006|11:44] C:\Program Files\Sonic [10/01/2007|18:49] C:\Program Files\spybot [20/10/2007|13:53] C:\Program Files\Spybot - Search & Destroy [25/03/2008|20:01] C:\Program Files\Symantec [31/08/2006|18:27] C:\Program Files\TI Education [17/09/2006|20:43] C:\Program Files\Ubi Soft [17/09/2006|20:52] C:\Program Files\Ubi Soft Entertainment [09/01/2008|21:58] C:\Program Files\Uninstall Information [27/10/2007|13:43] C:\Program Files\Veoh Networks [04/01/2007|17:21] C:\Program Files\VideoLAN [24/09/2006|11:12] C:\Program Files\Warcraft III Demo [09/01/2008|21:58] C:\Program Files\Winamp [25/10/2007|19:43] C:\Program Files\Windows Desktop Search [30/11/2007|14:50] C:\Program Files\Windows Live [30/11/2007|14:49] C:\Program Files\Windows Live Favorites [04/01/2008|19:10] C:\Program Files\Windows Live Toolbar [28/03/2007|20:07] C:\Program Files\Windows Media Connect 2 [09/01/2008|22:03] C:\Program Files\Windows Media Player [21/06/2006|11:44] C:\Program Files\Windows NT [21/06/2006|11:44] C:\Program Files\xerox [27/06/2008|23:15] C:\Program Files\Yahoo! [11/09/2006|22:44] C:\Program Files\Yeti Studios ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------ [21/06/2006|11:56] C:\Program Files\Fichiers communs\Adobe [19/01/2008|21:25] C:\Program Files\Fichiers communs\AOL [04/01/2008|18:40] C:\Program Files\Fichiers communs\aolshare [09/01/2008|21:58] C:\Program Files\Fichiers communs\GTK [21/06/2006|11:56] C:\Program Files\Fichiers communs\InstallShield [21/06/2006|11:56] C:\Program Files\Fichiers communs\Java [09/01/2008|15:34] C:\Program Files\Fichiers communs\Logitech [28/11/2007|22:10] C:\Program Files\Fichiers communs\Microsoft Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\MSSoap [12/11/2006|19:39] C:\Program Files\Fichiers communs\Nullsoft [09/01/2008|21:58] C:\Program Files\Fichiers communs\ODBC [12/11/2006|19:39] C:\Program Files\Fichiers communs\Real [05/09/2006|03:13] C:\Program Files\Fichiers communs\ScanSoft Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\Services [21/06/2006|11:56] C:\Program Files\Fichiers communs\Sonic Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\SpeechEngines [21/06/2006|11:56] C:\Program Files\Fichiers communs\SureThing Shared [24/03/2008|17:58] C:\Program Files\Fichiers communs\Symantec Shared [14/06/2007|18:35] C:\Program Files\Fichiers communs\System [31/08/2006|17:59] C:\Program Files\Fichiers communs\TI Shared [21/06/2006|11:57] C:\Program Files\Fichiers communs\TiVo Shared [09/01/2008|21:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller ---------------------------[ Process ]-------------------------- ... 56 ... OK ! ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-28 13:50:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- C:\DOCUME~1\HLW\LOCALS~1\Temp\pack.epk C:\WINDOWS\pack.epk C:\WINDOWS\system32\bxzdimxcc_navps.dat C:\WINDOWS\system32\qmbtqudmvz_navps.dat C:\WINDOWS\system32\wyvyau_navps.dat C:\WINDOWS\system32\zgczkmit_navps.dat C:\WINDOWS\system32\bxzdimxcc_nav.dat C:\WINDOWS\system32\bxzdimxcc.dat C:\WINDOWS\system32\qmbtqudmvz_nav.dat C:\WINDOWS\system32\qmbtqudmvz.dat C:\WINDOWS\system32\wyvyau_nav.dat C:\WINDOWS\system32\wyvyau.dat C:\WINDOWS\system32\zgczkmit_nav.dat C:\WINDOWS\system32\zgczkmit.dat ! EGDACCESS ! => C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.au => C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.idx => C:\Documents and Settings\HLW\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw [F:2401][D:106]-> C:\DOCUME~1\HLW\LOCALS~1\Temp [F:371][D:0]-> C:\DOCUME~1\HLW\Cookies [F:29268][D:53]-> C:\DOCUME~1\HLW\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 13:52:29,32 ]----------------------
  15. dideul
    Voilà le premier rapport! -----------------------[ Lop S&D 4.2.1-8 XP/Vista ]--------------------- [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : HLW ] [ "C:\Lop SD" ] [ Selection : 1 ] [ 28/06/2008 | 13:41:12,46 ] [ PC : LGPB ] [ MAJ : 24-06-2008 | 11:00 ] -------------[ Listing des dossiers dans Application Data ]------------ [10/01/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [04/01/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [30/08/2006|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ [29/03/2007|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [04/03/2007|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [02/11/2007|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt [25/02/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! [15/06/2008|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [12/04/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2 [09/01/2008|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [04/09/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [27/06/2008|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [05/09/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir [05/09/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard [10/01/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [25/06/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load [12/11/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [03/03/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [12/04/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [28/06/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion [30/10/2006|17:38] C:\DOCUME~1\ARZ\APPLIC~1\Adobe [15/04/2007|15:19] C:\DOCUME~1\ARZ\APPLIC~1\AdobeUM [12/11/2006|20:20] C:\DOCUME~1\ARZ\APPLIC~1\AOL [05/09/2006|03:00] C:\DOCUME~1\ARZ\APPLIC~1\Canon [30/08/2006|22:29] C:\DOCUME~1\ARZ\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\ARZ\APPLIC~1\desktop.ini [30/08/2006|13:13] C:\DOCUME~1\ARZ\APPLIC~1\Identities [03/09/2006|22:38] C:\DOCUME~1\ARZ\APPLIC~1\Leadertech [03/02/2007|13:38] C:\DOCUME~1\ARZ\APPLIC~1\Macromedia [18/03/2007|12:36] C:\DOCUME~1\ARZ\APPLIC~1\Microsoft [03/02/2007|13:33] C:\DOCUME~1\ARZ\APPLIC~1\Mozilla [24/03/2008|17:58] C:\DOCUME~1\ARZ\APPLIC~1\MSNInstaller [03/09/2006|22:53] C:\DOCUME~1\ARZ\APPLIC~1\OD2 [20/06/2008|17:54] C:\DOCUME~1\ARZ\APPLIC~1\OpenOffice.org2 [05/09/2006|03:36] C:\DOCUME~1\ARZ\APPLIC~1\ScanSoft [30/08/2006|13:13] C:\DOCUME~1\ARZ\APPLIC~1\Skype [03/09/2006|22:38] C:\DOCUME~1\ARZ\APPLIC~1\Sonic [28/06/2007|09:52] C:\DOCUME~1\ARZ\APPLIC~1\Sun [30/03/2008|14:48] C:\DOCUME~1\ARZ\APPLIC~1\Template [19/06/2008|13:45] C:\DOCUME~1\ARZ\APPLIC~1\thunkonline [26/10/2007|19:20] C:\DOCUME~1\ARZ\APPLIC~1\Windows Desktop Search [09/06/2006|03:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Skype [20/01/2008|15:31] C:\DOCUME~1\HLW\APPLIC~1\Adobe [04/03/2007|14:55] C:\DOCUME~1\HLW\APPLIC~1\AdobeUM [12/11/2006|19:40] C:\DOCUME~1\HLW\APPLIC~1\AOL [11/06/2008|15:01] C:\DOCUME~1\HLW\APPLIC~1\Canon [12/11/2006|17:29] C:\DOCUME~1\HLW\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\HLW\APPLIC~1\desktop.ini [28/01/2008|21:52] C:\DOCUME~1\HLW\APPLIC~1\FUJIFILM [21/06/2006|11:51] C:\DOCUME~1\HLW\APPLIC~1\Identities [04/03/2007|14:47] C:\DOCUME~1\HLW\APPLIC~1\Macromedia [25/10/2007|19:52] C:\DOCUME~1\HLW\APPLIC~1\Microsoft [09/02/2007|20:04] C:\DOCUME~1\HLW\APPLIC~1\Mozilla [01/10/2006|21:51] C:\DOCUME~1\HLW\APPLIC~1\OD2 [28/06/2008|12:44] C:\DOCUME~1\HLW\APPLIC~1\OpenOffice.org2 [14/10/2007|13:20] C:\DOCUME~1\HLW\APPLIC~1\ScanSoft [21/06/2006|11:51] C:\DOCUME~1\HLW\APPLIC~1\Skype [27/07/2007|12:08] C:\DOCUME~1\HLW\APPLIC~1\Sun [24/09/2006|12:01] C:\DOCUME~1\HLW\APPLIC~1\Template [17/06/2008|12:27] C:\DOCUME~1\HLW\APPLIC~1\thunkonline [19/03/2007|01:06] C:\DOCUME~1\HLW\APPLIC~1\vlc [27/10/2007|10:31] C:\DOCUME~1\HLW\APPLIC~1\Windows Desktop Search [12/11/2006|19:40] C:\DOCUME~1\HLW\APPLIC~1\You've Got Pictures Screensaver [14/04/2007|16:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe [13/11/2006|21:34] C:\DOCUME~1\INVIT~1\APPLIC~1\AOL [23/09/2006|10:42] C:\DOCUME~1\INVIT~1\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini [21/06/2006|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities [14/04/2007|14:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia [02/01/2008|16:13] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft [14/04/2007|14:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla [23/09/2006|10:34] C:\DOCUME~1\INVIT~1\APPLIC~1\OD2 [21/06/2006|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Skype [26/10/2007|17:08] C:\DOCUME~1\INVIT~1\APPLIC~1\Windows Desktop Search [25/10/2007|19:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [25/10/2007|19:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]--------------- [28/06/2008 13:00][--ah-----] C:\WINDOWS\tasks\B605D6249BFA474C.job [28/06/2008 13:00][--ah-----] C:\WINDOWS\tasks\A0D12EC391C2A50F.job [28/06/2008 13:00][--ah-----] C:\WINDOWS\tasks\A58CD070918B489C.job [28/06/2008 13:36][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job [02/03/2006 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini [28/06/2008 01:31][--ah-----] C:\WINDOWS\tasks\SA.DAT A0D12EC391C2A50F.job <--> c:\docume~1\arz\applic~1\thunko~1\linkmovemfcd.exe A58CD070918B489C.job <--> c:\docume~1\hlw\applic~1\thunko~1\linkmovemfcd.exe B605D6249BFA474C.job <--> c:\docume~1\salima\applic~1\thunko~1\linkmovemfcd.exe ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [21/06/2006|11:56] C:\Program Files\Adobe [10/01/2007|19:07] C:\Program Files\Alwil Software [19/01/2008|21:25] C:\Program Files\AOL [09/01/2008|21:58] C:\Program Files\AOL 9.0 [09/01/2008|21:57] C:\Program Files\AOL Compagnon [30/08/2006|23:23] C:\Program Files\ArcSoft [06/10/2007|20:02] C:\Program Files\Auralog [21/06/2006|11:56] C:\Program Files\AvRack [09/01/2008|21:55] C:\Program Files\Canon [27/06/2008|23:16] C:\Program Files\CCleaner [25/02/2008|20:11] C:\Program Files\Circle Developement [09/01/2008|21:58] C:\Program Files\ComPlus Applications [09/01/2008|21:58] C:\Program Files\CVitae [09/01/2008|21:58] C:\Program Files\CyberLink [26/05/2008|00:37] C:\Program Files\DivX [09/01/2008|21:58] C:\Program Files\eMule [21/03/2007|22:12] C:\Program Files\EZFace [09/01/2008|15:34] C:\Program Files\Fichiers communs [26/05/2008|00:37] C:\Program Files\FinePixViewer [04/01/2007|17:30] C:\Program Files\GIMP-2.0 [24/03/2008|17:57] C:\Program Files\IncrediMail [09/01/2008|15:33] C:\Program Files\InstallShield Installation Information [09/01/2008|21:58] C:\Program Files\Internet Explorer [04/12/2007|21:48] C:\Program Files\Java [30/08/2006|13:10] C:\Program Files\Larousse [12/11/2006|19:40] C:\Program Files\Learn2.com [09/01/2008|15:33] C:\Program Files\Logitech [09/01/2008|21:58] C:\Program Files\LogMeIn [23/09/2006|10:58] C:\Program Files\Matroska Pack [26/05/2008|00:37] C:\Program Files\Messenger [10/05/2007|20:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [21/06/2006|11:57] C:\Program Files\microsoft frontpage [25/10/2007|19:43] C:\Program Files\Microsoft SQL Server Compact Edition [26/05/2008|00:37] C:\Program Files\Microsoft Works [11/01/2007|21:49] C:\Program Files\Mindscape [21/06/2006|11:57] C:\Program Files\Movie Maker [28/06/2008|12:45] C:\Program Files\Mozilla Firefox [24/03/2008|17:58] C:\Program Files\MSN [21/06/2006|11:43] C:\Program Files\MSN Gaming Zone [25/02/2008|20:11] C:\Program Files\MSN Messenger [09/01/2008|21:58] C:\Program Files\MSXML 4.0 [21/06/2006|11:43] C:\Program Files\Music Manager [21/06/2006|11:43] C:\Program Files\NetMeeting [28/12/2006|23:19] C:\Program Files\Neuf [21/06/2006|11:43] C:\Program Files\NVIDIA Corporation [21/06/2006|11:44] C:\Program Files\Online Services [04/01/2007|17:06] C:\Program Files\OpenOffice.org 2.0 [27/01/2008|21:53] C:\Program Files\Outlook Express [30/09/2006|17:16] C:\Program Files\PIXELA [11/09/2006|20:16] C:\Program Files\QuickTime [12/11/2006|19:39] C:\Program Files\Real [21/06/2006|11:44] C:\Program Files\Realtek AC97 [09/01/2008|21:58] C:\Program Files\Realtek Sound Manager [09/01/2008|21:58] C:\Program Files\RegCleaner [30/09/2006|17:13] C:\Program Files\REGSHAVE [10/08/2007|20:00] C:\Program Files\Samsung [30/08/2006|23:25] C:\Program Files\ScanSoft [21/06/2006|11:44] C:\Program Files\Services en ligne [21/06/2006|11:44] C:\Program Files\Sonic [10/01/2007|18:49] C:\Program Files\spybot [20/10/2007|13:53] C:\Program Files\Spybot - Search & Destroy [25/03/2008|20:01] C:\Program Files\Symantec [25/06/2008|15:20] C:\Program Files\thunkonline [31/08/2006|18:27] C:\Program Files\TI Education [17/09/2006|20:43] C:\Program Files\Ubi Soft [17/09/2006|20:52] C:\Program Files\Ubi Soft Entertainment [09/01/2008|21:58] C:\Program Files\Uninstall Information [27/10/2007|13:43] C:\Program Files\Veoh Networks [04/01/2007|17:21] C:\Program Files\VideoLAN [12/11/2006|19:40] C:\Program Files\Viewpoint [24/09/2006|11:12] C:\Program Files\Warcraft III Demo [09/01/2008|21:58] C:\Program Files\Winamp [25/10/2007|19:43] C:\Program Files\Windows Desktop Search [30/11/2007|14:50] C:\Program Files\Windows Live [30/11/2007|14:49] C:\Program Files\Windows Live Favorites [04/01/2008|19:10] C:\Program Files\Windows Live Toolbar [28/03/2007|20:07] C:\Program Files\Windows Media Connect 2 [09/01/2008|22:03] C:\Program Files\Windows Media Player [21/06/2006|11:44] C:\Program Files\Windows NT [21/06/2006|11:44] C:\Program Files\xerox [27/06/2008|23:15] C:\Program Files\Yahoo! [11/09/2006|22:44] C:\Program Files\Yeti Studios ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------ [21/06/2006|11:56] C:\Program Files\Fichiers communs\Adobe [19/01/2008|21:25] C:\Program Files\Fichiers communs\AOL [04/01/2008|18:40] C:\Program Files\Fichiers communs\aolshare [09/01/2008|21:58] C:\Program Files\Fichiers communs\GTK [21/06/2006|11:56] C:\Program Files\Fichiers communs\InstallShield [21/06/2006|11:56] C:\Program Files\Fichiers communs\Java [09/01/2008|15:34] C:\Program Files\Fichiers communs\Logitech [28/11/2007|22:10] C:\Program Files\Fichiers communs\Microsoft Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\MSSoap [12/11/2006|19:39] C:\Program Files\Fichiers communs\Nullsoft [09/01/2008|21:58] C:\Program Files\Fichiers communs\ODBC [12/11/2006|19:39] C:\Program Files\Fichiers communs\Real [05/09/2006|03:13] C:\Program Files\Fichiers communs\ScanSoft Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\Services [21/06/2006|11:56] C:\Program Files\Fichiers communs\Sonic Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\SpeechEngines [21/06/2006|11:56] C:\Program Files\Fichiers communs\SureThing Shared [24/03/2008|17:58] C:\Program Files\Fichiers communs\Symantec Shared [14/06/2007|18:35] C:\Program Files\Fichiers communs\System [31/08/2006|17:59] C:\Program Files\Fichiers communs\TI Shared [21/06/2006|11:57] C:\Program Files\Fichiers communs\TiVo Shared [09/01/2008|21:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller ---------------------------[ Process ]-------------------------- ... 59 iexplore.exe ~ [2396] iexplore.exe ~ [2712] ----------------------[ Recherche avec S_Lop ]--------------------- C:\DOCUME~1\HLW\LOCALS~1\Temp\bisDA.exe -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Eggs List.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\more htm.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Noun 1.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1 C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\auajuxup.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\ceokcytl.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\klkqelkn.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\link move mfcd.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\Maileach.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1 C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Ante amok plus grey.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\drueaepe.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\jltefmiu.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\kudwgbcd.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\link move mfcd.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Maileach.exe C:\Program Files\thunko~1 C:\Program Files\Circle Developement C:\Program Files\Circle Developement\Uninstall.exe C:\WINDOWS\Prefetch\EGGS LIST.EXE-1E1FF1D9.pf C:\WINDOWS\Prefetch\MORE HTM.EXE-051749D8.pf C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-0291D555.pf C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-28E677C9.pf C:\WINDOWS\Prefetch\MAILEACH.EXE-092B270B.pf C:\WINDOWS\Prefetch\MAILEACH.EXE-28CC7B3F.pf C:\DOCUME~1\HLW\Cookies\hlw@www.adserver5[1].txt C:\DOCUME~1\HLW\Cookies\hlw@adin.bigpoint[1].txt C:\DOCUME~1\HLW\Cookies\hlw@bigpoint[1].txt C:\DOCUME~1\HLW\Cookies\hlw@fr1.seafight.bigpoint[1].txt C:\DOCUME~1\HLW\Cookies\hlw@banner.casinoking[2].txt C:\DOCUME~1\HLW\Cookies\hlw@casinoking[1].txt C:\DOCUME~1\HLW\Cookies\hlw@banner.cotedazurpalace[2].txt C:\DOCUME~1\HLW\Cookies\hlw@cotedazurpalace[1].txt C:\DOCUME~1\HLW\Cookies\hlw@adopt.euroclick[2].txt C:\DOCUME~1\HLW\Cookies\hlw@pacificpoker[2].txt C:\DOCUME~1\HLW\Cookies\hlw@partygaming.122.2o7[1].txt C:\DOCUME~1\HLW\Cookies\hlw@partypoker[1].txt C:\DOCUME~1\HLW\Cookies\hlw@fr1.seafight.bigpoint[1].txt C:\DOCUME~1\HLW\Cookies\hlw@32vegas[1].txt C:\DOCUME~1\HLW\Cookies\hlw@banner.32vegas[2].txt C:\DOCUME~1\HLW\Cookies\hlw@2xmoinscher[2].txt C:\DOCUME~1\HLW\Cookies\hlw@www.2xmoinscher[1].txt C:\DOCUME~1\HLW\Cookies\hlw@888[1].txt C:\WINDOWS\Tasks\A0D12EC391C2A50F.job C:\WINDOWS\Tasks\A58CD070918B489C.job C:\WINDOWS\Tasks\B605D6249BFA474C.job ----------------------[ Verification du Registre ]---------------------- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\Eggs List.exe" "Proxy exit"="C:\\DOCUME~1\\HLW\\APPLIC~1\\THUNKO~1\\Maileach.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\more htm.exe" --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts MODIFIE 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 cdn.errorsafe.com ## added by CiD 127.0.0.1 cdn.winsoftware.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD 127.0.0.1 download.cdn.errorsafe.com ## added by CiD 127.0.0.1 download.cdn.winsoftware.com ## added by CiD 127.0.0.1 download.errorsafe.com ## added by CiD 127.0.0.1 download.systemdoctor.com ## added by CiD 127.0.0.1 download.winantispyware.com ## added by CiD 127.0.0.1 download.windrivecleaner.com ## added by CiD 127.0.0.1 download.winfixer.com ## added by CiD 127.0.0.1 drivecleaner.com ## added by CiD 127.0.0.1 dynamique.drivecleaner.com ## added by CiD 127.0.0.1 errorprotector.com ## added by CiD 127.0.0.1 errorsafe.com ## added by CiD 127.0.0.1 es.winantivirus.com ## added by CiD 127.0.0.1 fr.winantivirus.com ## added by CiD 127.0.0.1 fr.winfixer.com ## added by CiD 127.0.0.1 go.drivecleaner.com ## added by CiD 127.0.0.1 go.errorsafe.com ## added by CiD 127.0.0.1 go.winantispyware.com ## added by CiD 127.0.0.1 go.winantivirus.com ## added by CiD 127.0.0.1 hk.winantivirus.com ## added by CiD 127.0.0.1 instlog.errorsafe.com ## added by CiD 127.0.0.1 instlog.winantivirus.com ## added by CiD 127.0.0.1 instlog.winfixer.com ## added by CiD 127.0.0.1 jsp.drivecleaner.com ## added by CiD 127.0.0.1 kb.errorsafe.com ## added by CiD 127.0.0.1 kb.winantivirus.com ## added by CiD 127.0.0.1 nl.errorsafe.com ## added by CiD 127.0.0.1 se.errorsafe.com ## added by CiD 127.0.0.1 secure.drivecleaner.com ## added by CiD 127.0.0.1 secure.errorsafe.com ## added by CiD 127.0.0.1 secure.winantispam.com ## added by CiD 127.0.0.1 secure.winantispy.com ## added by CiD 127.0.0.1 secure.winantivirus.com ## added by CiD 127.0.0.1 support.winantivirus.com ## added by CiD 127.0.0.1 trial.updates.winsoftware.com ## added by CiD 127.0.0.1 ulog.winantivirus.com ## added by CiD 127.0.0.1 utils.errorsafe.com ## added by CiD 127.0.0.1 utils.winantivirus.com ## added by CiD 127.0.0.1 utils.winfixer.com ## added by CiD 127.0.0.1 winantispyware.com ## added by CiD 127.0.0.1 winantivirus.com ## added by CiD 127.0.0.1 winfixer.com ## added by CiD 127.0.0.1 winfixer2006.com ## added by CiD 127.0.0.1 winsoftware.com ## added by CiD 127.0.0.1 www.drivecleaner.com ## added by CiD 127.0.0.1 www.errorprotector.com ## added by CiD 127.0.0.1 www.errorsafe.com ## added by CiD 127.0.0.1 www.systemdoctor.com ## added by CiD 127.0.0.1 www.utils.winfixer.com ## added by CiD 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD 127.0.0.1 www.win-virus-pro.com ## added by CiD 127.0.0.1 www.winantispam.com ## added by CiD 127.0.0.1 www.winantispy.com ## added by CiD 127.0.0.1 www.winantispyware.com ## added by CiD 127.0.0.1 www.winantivirus.com ## added by CiD 127.0.0.1 www.winantiviruspro.com ## added by CiD 127.0.0.1 www.windrivecleaner.com ## added by CiD 127.0.0.1 www.windrivesafe.com ## added by CiD 127.0.0.1 www.winfixer.com ## added by CiD 127.0.0.1 www.winfixer2006.com ## added by CiD 127.0.0.1 www.winsoftware.com ## added by CiD -> 72 ( 70 ## added by CiD ) /!\ 1 Not 127.0.0.1 !! ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-28 13:42:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- C:\DOCUME~1\HLW\LOCALS~1\Temp\pack.epk C:\WINDOWS\pack.epk C:\WINDOWS\system32\bxzdimxcc_navps.dat C:\WINDOWS\system32\qmbtqudmvz_navps.dat C:\WINDOWS\system32\wyvyau_navps.dat C:\WINDOWS\system32\zgczkmit_navps.dat C:\WINDOWS\system32\bxzdimxcc_nav.dat C:\WINDOWS\system32\bxzdimxcc.dat C:\WINDOWS\system32\qmbtqudmvz_nav.dat C:\WINDOWS\system32\qmbtqudmvz.dat C:\WINDOWS\system32\wyvyau_nav.dat C:\WINDOWS\system32\wyvyau.dat C:\WINDOWS\system32\zgczkmit_nav.dat C:\WINDOWS\system32\zgczkmit.dat ! EGDACCESS ! => C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.au => C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.idx => C:\Documents and Settings\HLW\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw [F:2402][D:106]-> C:\DOCUME~1\HLW\LOCALS~1\Temp [F:388][D:0]-> C:\DOCUME~1\HLW\Cookies [F:29268][D:53]-> C:\DOCUME~1\HLW\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 13:45:30,75 ]----------------------
  16. dideul
    Bonjour, Depuis quelques jours mon ordinateur ne fait que m'afficher des pubs intenpestive( casino, jeux de hasard...) de plus un message s'affiche pour me dire que mon PC est infécté et que je dois télécharger des fichiers pour le nettoyer. Je vous joins le rapport HijackThis Merci pour votre aide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:37:56, on 28/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Larousse\Petit Larousse 2005\bin\HIPL2002Popup.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [HyperappelPL] C:\Program Files\Larousse\Petit Larousse 2005\bin\HIPL2002Popup.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [puubxb] c:\windows\system32\puubxb.exe puubxb O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\more htm.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 O4 - HKCU\..\Run: [Proxy exit] C:\DOCUME~1\Salima\APPLIC~1\THUNKO~1\Maileach.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Search - ?p=ZNfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150055348671 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13312 bytes
  17. dideul
    Bonjour! Y'a personne pour me répondre SVP? Merci
  18. dideul
    Bonsoir! Depuis quelques temps mon ordi n'arrête pas de ramer. Je l'ai défragmenté, j'ai réorganisé mes dossiers en éliminant le superflu mais cela continue. Pourriez vous jeter un coup d'oeil sur le rapport Merci Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 20:47:45, on 03/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\hijak\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 10500 bytes
  19. dideul
    Slt! Pas le moindre problème! Je crois que je ferai plus d'achat en ligne maintenant.Sais t on jamais! Merci pour ta coopération.
  20. dideul
    Slt! Pas le moindre problème! Je crois que je ferai plus d'achat en ligne maintenant.Sais t on jamais! Merci pour ta coopération.
  21. dideul
    Voilà le rapport demandé! KASPERSKY ON-LINE SCANNER REPORT Thursday, November 16, 2006 9:21:28 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 16/11/2006 Enregistrements dans la base antivirus Kaspersky : 228744 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 68343 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 00:41:55 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\call256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\callmember256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\contactgroup256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\index2.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\profile256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\user1024.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\user256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Historique\History.IE5\MSHist012006111620061117\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{FBE43C35-E09B-42B1-8FB7-9872B946AA21}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_210.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.
  22. dideul
    Voilà les rapports! SmitFraudFix v2.120 Rapport fait à 23:44:38,81, 15/11/2006 Executé à partir de C:\Documents and Settings\Abdel\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Abdel »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Abdel\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Abdel\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Thursday, November 16, 2006 7:48:00 AM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 15/11/2006 Enregistrements dans la base antivirus Kaspersky : 228441 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 69232 Nombre de virus trouvés 1 Nombre d'objets infectés 1 / 0 Nombre d'objets suspects 0 Durée de l'analyse 00:43:31 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\call256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\callmember256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\contactgroup256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\index2.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\profile256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\user1024.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Application Data\Skype\abdelou69\user256.dbb L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Bureau\wifi.odt L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Historique\History.IE5\MSHist012006111520061116\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Temp\Perflib_Perfdata_7a8.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Temp\~DF85C9.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Abdel\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{89A8D913-FD41-4649-AC8D-B6A6D1C58642}\RP58\A0017483.dll Infecté : not-virus:Hoax.Win32.Renos.ap ignoré C:\System Volume Information\_restore{89A8D913-FD41-4649-AC8D-B6A6D1C58642}\RP60\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{56ADC1D9-58D0-4F23-B618-7CDBEAD5E83F}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_620.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.
  23. dideul
    Bien à toi Bruce! Désolé pour le temps d'attente des rapports.Maintenant que c'est fait je te les postes. Merci à toi pour l'interprétation --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 11:22:34 12/11/2006 + Résultat de l'analyse: :mozilla.145:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.146:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.147:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.148:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.149:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.150:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.6:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.7:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.88:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.89:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.40:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.41:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.93:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.75:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.76:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.77:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.90:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.91:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.92:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.172:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Coremetrics : Nettoyé. :mozilla.62:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.101:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.21:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyé. :mozilla.46:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.47:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.48:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.54:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.55:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.56:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.57:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.58:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.70:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.71:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.72:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.73:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.74:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.199:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.200:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.86:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.87:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@ivwbox[2].txt -> TrackingCookie.Ivwbox : Nettoyé. :mozilla.94:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.35:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.36:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@ads.planetactive[2].txt -> TrackingCookie.Planetactive : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé. :mozilla.43:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.44:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.45:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.46:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.47:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.68:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.69:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.70:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.71:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.72:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.17:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.18:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.19:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.91:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.92:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.93:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.20:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.21:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.114:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.61:C:\Documents and Settings\invite\Application Data\Mozilla\Firefox\Profiles\66jpz6la.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Abdel\Cookies\abdel@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.113:C:\Documents and Settings\Abdel\Application Data\Mozilla\Firefox\Profiles\0g199v8y.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 18:44:55, on 13/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\NetAppel\NetAppel.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\7-Zip\7zFM.exe C:\DOCUME~1\Abdel\LOCALS~1\Temp\7zO80CF.tmp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe SmitFraudFix v2.120 Rapport fait à 10:11:43,37, 12/11/2006 Executé à partir de C:\Documents and Settings\Abdel\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  24. dideul
    RE Voila! SmitFraudFix v2.120 Rapport fait à 23:24:21,48, 10/11/2006 Executé à partir de C:\Documents and Settings\Abdel\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\rrtcany.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Abdel »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Abdel\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Abdel\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  25. dideul
    Salut Bruce Lee! J'ai suivi tes instructions.Ils m'ont demandé de dezipper tout le dossier.L'ordinateur s'est éteint pour redémarrer et après cela le message d'erreur qui clignoté non loin de l'horloge a disparu.J'ai pas réussi à enregistrer un quelconque rapport.Je te tiens au courant de la suite si le problème réapparaît. Merci pour ton intervention.
×
×
  • Créer...